Harden your systems with Lynis

More Customization Options

In addition to the command-line parameters, a configuration (profile) file also controls the test process. By default, Lynis orients its actions on the specifications from the default.prf file supplied with the package. This file will probably be fine for most scenarios. You will typically only need to modify the file if you are using Lynis Enterprise. The structure and settings of the profile are explained in the comments it contains. You can tell Lynis to use your own profile from the myprofile.prf file by passing in the parameter --profile myprofile.prf.

You can add a number of tests to Lynis as plugins. A plugin is simply a normal shell script that begins with a couple of special comments containing details about its purpose. The script uses the functions provided by Lynis and resides in the plugins subdirectory. One example of a small plugin is the plugins/custom_plugin.template file. For Lynis to integrate and use the plugin, you need to register it in the profile. To do so, add a line stating plugin=myplugin for a plugin by the name of myplugin.


Lynis helps administrators identify vulnerabilities and problematic configurations. The tool is only capable of discovering problems that it is familiar with, of course. In particular, any homegrown scripts or other self-programmed software will be ignored. Additionally, Lynis only provides tips; it is up to the administrator to interpret the test results. Lynis is thus only one building block in your overall security system.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lynis

    The complexity of modern distributions offers many potential attack vectors for malware. Lynis lets you find these vulnerabilities before an attacker does.

  • Command Line: Lynis

    Running a security audit periodically on your system lets you spot unexpected changes and possible weak points.

  • Lynis Shell Skript Checks Unix Security

    The first step towards improving a system's security, is discovering the status quo. Lynis, a small command line program helps users do so.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.